(54) A mechanism for enabling secure electronic transactions on the open internet



(57) A method is provided for performing a transaction that is initiated over an open communication network between a user and a remotely located server. The open communication network may be the Internet, for example. In accordance with one embodiment of the method, a transaction identification number is received from the remotely located server over the open network and subsequently, communication between the user and the remotely located server is discontinued. Communication is established between the user and a transaction server. The transaction server is operatively coupled to the user and the remotely located server over a communication network which is isolated from the open network. The transaction identification number is transmitted to the transaction server over the communication network. After the transaction server confirms the validity of the transaction identification number, in response to a request from the transaction server, a transaction authorization number is transmitted over the communication network to the transaction server to complete the transaction.

Description
Field of the Invention

This invention relates generally to a method for performing secure transactions on open communication networks and, in particular, to a method and apparatus for performing transactions such as purchases over the World Wide Web.

Background of the Invention

Open public networks such as the Internet, and in particular the World Wide Web, have undergone tremendous growth as a distribution channel for businesses. These businesses typically provide an Internet site to promote one or more products or services. Of course, it would be convenient if customers could actually complete a transaction and purchase a product or service over the Internet. However, it is currently difficult to secure data traffic that traverses the Internet because the Internet is an open environment with no guarantees of data privacy and thus a third party can access or alter the data as it is in transit. Consequently sensitive data such as credit card numbers cannot be transmitted over the Internet with adequate assurances of security.

A variety of techniques have been explored to secure data on the Internet. Many of these techniques involve data encryption, which may provide adequate security for a limited time. However, encryption techniques are continuously in jeopardy of being broken because technologies to break encryption schemes are being developed as rapidly as the encryption techniques themselves and because the computing power and communication systems needed for decryption are fast becoming ubiquitous and cheap. Moreover, in addition to the technological problems of providing security on the Internet, there is a large socio-cultural impediment to performing electronic transactions on the Internet simply because people question its security. Accordingly, it would be desirable to provide a convenient method for performing a reasonably secure transaction over the Internet.

Summary of the Invention 

The present invention provides a method for performing a transaction that is initiated over an open communication network between a user and a remotely located server. The open communication network may be the Internet, for example. In accordance with one embodiment of the method, a transaction identification number is received from the remotely located server over the open network and subsequently, communication between the user and the remotely located server is discontinued. Communication is established between the user and a transaction server. The transaction server is operatively coupled to the user and the remotely located server over a communication network which is isolated from the open network. The transaction identification number is transmitted to the transaction server over the communication network. After confirming the validity of the transaction identification number, the transaction server requests a transaction authorization number. In response to this request, a transaction authorization number is transmitted over the communication network to the transaction server to complete the transaction.

The transition in communication between the remotely located server and the transaction server may occur automatically upon a request from the user to complete the transaction. Accordingly, the user can perform a secure transaction in an extremely convenient manner.

Brief Description of the Drawings 

FIG. 1 shows an example of a system constructed in accordance with the present invention which is incorporated into the World Wide Web.

FIG. 2 shows a flow diagram illustrating one embodiment of the process used to purchase an item from the World Wide Web in accordance with the present invention.

Detailed Description 

The present invention allows an individual to browse the open World Wide Web (WWW) and in a seamless manner perform secure transactions over a secure electronic communication medium that is isolated from the WWW. Such secure communications media are often employed by banks, for example, to allow customers to perform home banking over a personal computer. These secure communication media typically employ an encrypted proprietary protocol operating over a telephone link (i.e., a circuit switched POTS connection). FIG. 1 shows an example of a system in accordance with the present invention which is incorporated into the WWW.

A personal computer 10 or other data processing device is coupled to the open Internet 12, and in particular the WWW, via an Internet provider gateway 14. The computer 10 interfaces with the gateway 14 via an input/output device 16 that typically includes a modem. The computer 10 may be employed by a user to search the WWW with a web browser in a conventional manner and communicate with a remotely located server 18 that may represent, for example, a vendor advertising a product or service. Examples of web browsers include Netscape's Navigator and Microsoft's Internet Explorer, for example.

Currently, if the user desires to purchase the product or service from the vendor, the user provides a credit card number over the network, thus potentially allowing a third party access to the card number, even if an encryption technique is employed. In accordance with the present invention, however, this problem is avoided because sensitive data is never transmitted over the open WWW. Rather, in response to the user's request to make a purchase, the vendor 18 transmits a purchase order number both to the user 10 over the WWW and to a transaction server 19 that is isolated from the Internet. The vendor 18 communicates with the transaction server 19 over any desired communication system 11 that is isolated from the Internet. This system 11 may employ a proprietary protocol that operates over a telephone link such as any of those conventionally used for banking.

The user subsequently pays for the purchase by initiating communication between the computer 10 and the transaction server 19 over another communication system 13 that is isolated from the WWW and which also may employ a proprietary protocol operating over a telephone link. The user provides the purchase order number to the transaction server 19 and proceeds to complete the purchase by providing a credit number. Since the transaction server 19 is isolated from the open WWW, the inherent risks of communicating sensitive information are avoided. The transaction between the user and the transaction server has a degree of security at least equivalent to the security provided by a conventional telephone and preferably to the level of security provided by proprietary home banking, tax filing, or bill paying communication systems. A system employing a proprietary protocol to transmit data over the telephone system is advantageous because consumers by and large believe that transmitting sensitive data in this manner (by speaking or faxing the data, for example) is secure. Support for this belief is provided by the success of on-line banking, tax filing and bill paying systems.

It should be noted that the term "isolated" as used herein refers to isolation with respect to information transport and not physical isolation. For example, portions of the communications system 13 and the Internet 12 may share the same physical links such as the user's local telephone line. However, the communication system 13 and the Internet 12 do not communicate with one another.

In accordance with one aspect of the invention, the user is provided with software to be executed on the computer 10 which automatically performs the transition in communication from the WWW 12 to the transaction server 19 so that the details involved are invisible to the user. That is, when the user wishes to place an order, there is no need to manually disconnect from the WWW 12 and initiate communication with the transaction server 19 over the isolated communication system. Rather, the software residing in the computer 10 performs the transaction so that the user may even be unaware that the computer 10 has disconnected from the WWW and initiated communication with another network.

FIG. 2 shows a flow diagram illustrating one embodiment of the process used to purchase an item from the WWW in accordance with the present invention. Each block in FIG. 2 identifies the operations to be performed by the personal computer to provide the functionality contemplated by the present invention. It should be noted that the operations performed by the computer may be implemented programmatically by software residing on the computer or by direct electrical connections through customized integrated circuits or by a combination of both.

The process begins in step 200, in which communication is established between the computer and the WWW in a conventional manner. The user browses public sites on the WWW and ultimately decides to purchase a product or service from a vendor. The user's computer receives the purchase order number in step 209 of FIG. 2. The vendor generates a purchase order number in response to the user's request and transmits the order number to both the transaction server and the user's computer 10. The vendor directs the user to contact the appropriate transaction server and may additionally provide the user with the server's telephone number which may, for example, be an 800 number. The telephone number may be unique to the particular transaction server or it may be unique to both the transaction server and the vendor (so that each transaction server can receive requests in connection with different vendors each having a unique telephone number). Moreover, the present invention contemplates the provision of a plurality of transaction servers as demand warrants and in some cases vendors may work in cooperation with more than one transaction server.

In step 201 communication between the WWW and the computer is suspended by either discontinuing the communication session or by placing the connection to the WWW in a hold state via a three-way calling service. In step 203 the computer establishes communication with the transaction server over the secure network. As previously noted, the vendor may provide the user with the appropriate telephone number. This may be accomplished in a simple manner by having the vendor display the telephone number on its web page. However, this scheme may not be sufficiently secure because a third party could potentially alter the telephone number while it is being transmitted from the server to the user, thereby fraudulently obtaining the user's credit card number by having the user call a telephone number accessible to the third party.

In yet another alternative embodiment of the invention, the telephone number of the transaction server may be locally stored in the computer or, alternatively, the user may retrieve the appropriate telephone number from a directory located in the secure communication system which includes the transaction server. The telephone number of the directory may be stored in the computer or it may be provided by the vendor. The directory may reside on the transaction server itself or it may reside in another component in communication with the secure system. In one particular embodiment of the invention, the computer first uses the Universal Resource Locator (URL) of the vendor and attempts to retrieve the phone number for its transaction server from a locally stored directory. If the number is not found, the computer automatically dials the directory located on the secure network and downloads the appropriate telephone number. If the telephone number is still not found, the computer prompts the user to provide the appropriate number. Finally, if the number is unavailable, the attempted transaction is aborted and the computer returns to the vendor's site on the WWW, which had been on hold. In this situation customer service should be called.
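The lookup order described above, as an added example that is not part of the patent text: the function tries the locally stored directory, then the directory on the secure network, then the user, and aborts if none yields a number. Keying the directories by the host of the vendor's URL, the `advertised` cross-check against the number displayed on the vendor's web page, and all names, hosts and telephone numbers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


class NumberUnavailable(Exception):
    """No source yielded a number; the attempted transaction is aborted."""


def vendor_key(vendor_url):
    # Assumption: directories are keyed by the host part of the vendor's URL.
    host = urlsplit(vendor_url).hostname  # urlsplit lower-cases the host
    if not host:
        raise ValueError("vendor URL has no host: %r" % (vendor_url,))
    return host


def digits(number):
    # Compare telephone numbers by digits only, ignoring spaces and dashes.
    return "".join(ch for ch in number if ch.isdigit())


def resolve_number(vendor_url, local_directory, secure_directory, prompt_user,
                   advertised=None):
    """Return (number, source, warning) for the vendor's transaction server.

    local_directory  -- dict stored on the user's computer
    secure_directory -- callable that queries the directory on the secure
                        network and returns a number or None
    prompt_user      -- callable that asks the user; returns a number or None
    advertised       -- number shown on the vendor's web page; it crossed the
                        open network, so it is only compared, never dialled
    """
    key = vendor_key(vendor_url)
    number = local_directory.get(key)
    source = "local"
    if number is None:
        number, source = secure_directory(key), "secure-directory"
    if number is None:
        typed = prompt_user(key)
        number = typed if typed and digits(typed) else None
        source = "user"
    if number is None:
        raise NumberUnavailable(key)

    warning = None
    if advertised is not None and digits(advertised) != digits(number):
        # A mismatch is what in-transit alteration of the page would look like.
        warning = "advertised number differs from the %s number" % source
    return number, source, warning


# Constructed sample data (fictional hosts and numbers).
LOCAL = {"shop.example": "1-800-555-0100"}
SECURE = {"books.example": "1-800-555-0142"}

if __name__ == "__main__":
    print(resolve_number("http://shop.example/cart", LOCAL, SECURE.get,
                         lambda key: None, advertised="1 800 555 0199"))
```
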

Returning to step 203, after communication has been established with the transaction server, the user provides the server with the purchase order number in step 202. The transaction server locates the purchase order and may echo to the user a list of the products or services to be purchased. The user approves the purchase and in step 204 provides a credit card number to complete the transaction. Once the transaction between the computer and the transaction server is complete, the computer ends the communication session with the transaction server in step 205 and resumes communication with the WWW in step 207. The transaction server subsequently transmits the completed order back to the vendor or directly to a shipping department.

In one embodiment of the invention, the communication session between the computer 10 and the transaction server is configured to appear to the user as a WWW communication session. That is, the interface between the computer 10 and the transaction server is designed to function in a format similar to a WWW browser so that the user is virtually unaware that the computer has suspended communication on the WWW and initiated communication over a secure network isolated from the WWW. From the user's perspective this advantageously simplifies the task of purchasing an item over the WWW in a relatively secure manner.

In accordance with one aspect of the invention, the purchase order number provided to the user may be randomly generated by the vendor's server. This feature prevents unauthorized users from dialing in to the transaction server and attempting to access orders by trying arbitrary purchase order numbers. Additionally, the transaction server can limit the user to a predetermined number (e.g. three) of incorrect order numbers before terminating the connection.
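The two controls in this paragraph, random order numbers and a limit on incorrect attempts, shown together with the order-number-then-authorization sequence of FIG. 2 as an added example that is not part of the patent text. Class and function names, the 12-digit length and all sample values are assumptions constructed for illustration.

```python
import secrets

MAX_BAD_ATTEMPTS = 3  # "a predetermined number (e.g. three)" in the description


def new_order_number(length=12):
    # Vendor side. A CSPRNG keeps order numbers unguessable from earlier
    # ones; the 12-digit length is an assumption, not a value from the patent.
    return "".join(secrets.choice("0123456789") for _ in range(length))


class TransactionServer:
    def __init__(self):
        self.pending = {}    # order number -> items, registered by the vendor
        self.completed = {}  # order number -> items, to be sent to the vendor

    def register_order(self, order_number, items):
        # Reaches the server from the vendor over the isolated link,
        # never over the open network.
        self.pending[order_number] = list(items)

    def open_session(self):
        return Session(self)


class Session:
    """One user connection to the transaction server."""

    def __init__(self, server):
        self.server = server
        self.bad_attempts = 0
        self.order_number = None
        self.closed = False

    def submit_order_number(self, candidate):
        """Return the order's items if the number is valid, else None."""
        if self.closed:
            raise ConnectionError("connection terminated")
        if candidate not in self.server.pending:
            self.bad_attempts += 1
            if self.bad_attempts >= MAX_BAD_ATTEMPTS:
                self.closed = True  # terminate after the third wrong number
            return None
        self.order_number = candidate
        return list(self.server.pending[candidate])  # echoed for approval

    def authorize(self, authorization_number):
        """Accept the authorization number only after a valid order number."""
        if self.closed:
            raise ConnectionError("connection terminated")
        if self.order_number is None:
            raise PermissionError("no valid order number presented")
        if not authorization_number.isdigit():
            return False
        # Validating the number with the card issuer is not modelled here.
        items = self.server.pending.pop(self.order_number)
        self.server.completed[self.order_number] = items
        self.closed = True
        return True


def demo():
    server = TransactionServer()
    order = new_order_number()
    server.register_order(order, ["constructed item A"])
    guesser = server.open_session()
    # The trailing "x" makes each guess invalid whatever the random number is.
    results = [guesser.submit_order_number("%011dx" % n) for n in range(3)]
    buyer = server.open_session()
    echoed = buyer.submit_order_number(order)
    done = buyer.authorize("0000111122223333")  # constructed placeholder
    return results, guesser.closed, echoed, done, order in server.completed
```
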

In the embodiment of the invention discussed in connection with FIG. 2, the user's computer 10 initiated contact with the transaction server, as opposed to the transaction server initiating contact with the user. While the present invention encompasses both procedures, the former procedure is advantageous because if the latter procedure is used, an unauthorized party on the open Internet could detect a message from the user to the vendor requesting a return call for credit card authorization. This party could then call the user, thus emulating the transaction server to fraudulently acquire the user's credit card number.

It will be appreciated that those skilled in the art will be able to devise numerous arrangements which, although not explicitly shown or described herein, embody the principles of the invention. Accordingly, all such alternatives, modifications and variations which fall within the spirit and broad scope of the appended claims will be embraced by the principles of the invention. For example, while the invention has been described in connection with FIGS. 1 and 2 as a method for completing a transaction on the Internet, the invention is more broadly applicable to a method for completing a transaction on other open communication systems as well.

Claims

1. A method for performing a transaction initiated over an open communication network between a user and a remotely located server, comprising the steps of:

a. receiving a transaction identification number from the remotely located server over the open network;

b. discontinuing communication between said user and said remotely located server;

c. establishing communication between said user and a transaction server, said transaction server being operatively coupled to said user and said remotely located server over a communication network isolated from said open network;

d. transmitting said transaction identification number to said transaction server over said communication network;

e. after the transaction server confirms validity of the transaction identification number, transmitting over said communication network, in response to a request from said transaction server, a transaction authorization number to said transaction server to complete the transaction.



2. The method of claim 1 wherein steps (b) and (c) occur automatically in response to a request from said user to complete the transaction.

3. The method of claim 2 wherein steps (b) and (c) occur in a manner substantially transparent to said user.

4. The method of claim 1 wherein communication over said communication network between said user and said transaction server employs an encrypted protocol at least in part operating over a telephone link.

5. The method of claim 1 wherein said open network comprises the Internet.

6. The method of claim 5 wherein said open network comprises the world wide web.

7. The method of claim 1 wherein said user is in communication with said remotely located server and said transaction server over a personal computer.

8. The method of claim 1 wherein said remotely located server is employed by a vendor to advertise on the open network.

9. The method of claim 8 wherein said transaction comprises a purchase.

10. The method of claim 9 wherein said transaction authorization number is a credit card number.

11. The method of claim 1 wherein step (a) further comprises the step of receiving from said remotely located server a telephone number of said transaction server.

12. The method of claim 1 wherein step (b) includes the step of suspending communication between said user and said remotely located server by placing said remotely located server in a hold state.

13. The method of claim 1 wherein said communication in step (c) is initiated by said user.

14. The method of claim 13 wherein said user initiates communication with said transaction server by performing the step of retrieving a locally stored telephone number of said transaction server.

15. The method of claim 13 wherein said user initiates communication with said transaction server by retrieving a telephone number from a directory located in said communication network.

16. The method of claim 6 wherein said transaction is initiated by the user using a World Wide Web browser.

17. The method of claim 1 further comprising the steps of:

f. discontinuing communication between said user and transaction server;

g. subsequently resuming communication between said user and said remotely located server.

18. The method of claim 17 wherein steps (f) and (g) occur automatically after completion of step (e).

19. A computer readable medium having a computer program encoded thereon for performing a transaction initiated over an open communication network between a user and a remotely located server, comprising:

a first portion of said medium having a first program segment for receiving a transaction identification number from the remotely located server over the open network;

a second portion of said medium having a second program segment for discontinuing communication between said user and said remotely located server;

a third portion of said medium having a third program segment for establishing communication between said user and a transaction server over a communication network isolated from said open network;

a fourth portion of said medium having a fourth program segment for transmitting said transaction identification number to said transaction server over said communication network;

a fifth portion of said medium having a fifth program segment for transmitting over said communication network, after the transaction server confirms validity of the transaction identification number and in response to a request from said transaction server, a transaction authorization number to said transaction server to complete the transaction.

20. The medium of claim 19 wherein said second and third program segments are automatically executed in response to a request from said user to complete the transaction.

21. The medium of claim 20 wherein said second and third program segments are executed in a manner substantially transparent to said user.

22. The medium of claim 19 wherein said third, fourth, and fifth program segments employ an encrypted protocol operating at least in part over a telephone link.

23. The medium of claim 19 wherein said open network comprises the Internet.

24. The medium of claim 23 wherein said open network comprises the World Wide Web.

25. The medium of claim 19 wherein said remotely located server is employed by a vendor to advertise on the open network.

26. The medium of claim 25 wherein said transaction comprises a purchase.

27. The medium of claim 26 wherein said transaction authorization number is a credit card number.

28. The medium of claim 19 wherein said first program segment further receives from said remotely located server a telephone number of said transaction server.

29. The medium of claim 19 wherein said second program segment suspends communication between said user and said remotely located server by placing said remotely located server in a hold state.

30. The medium of claim 19 wherein said third program segment initiates communication between said user and said transaction server.

31. The medium of claim 30 wherein said third program segment initiates communication with said transaction server by retrieving a locally stored telephone number of said transaction server from a sixth portion of said medium.

32. The medium of claim 30 wherein said third program segment initiates communication with said transaction server by retrieving a telephone number from a directory located in said communication network.

33. The medium of claim 24 further comprising a sixth portion of said medium having a sixth program segment for browsing on the World Wide Web.

EP 0 813 325 A2

FIG. 1 [drawing not reproduced; labels: isolated trusted directory server; modems 16; transaction server 19; database; proprietary secure protocol 13; Internet provider gateway]

FIG. 2 [drawing not reproduced]

(54) A mechanism for enabling secure electronic transactions on the open internet

(57) A method is provided for performing a transaction that is initiated over an open communication network between a user (10) and a remotely located server (18). The open communication network may be the Internet (12), for example. In accordance with one embodiment of the method, a transaction identification number is received from the remotely located server (209) over the open network and subsequently, communication between the user and the remotely located server is discontinued (201). Communication is established between the user and a transaction server (203). The transaction server is operatively coupled to the user and the remotely located server over a communication network which is isolated from the open network. The transaction identification number is transmitted to the transaction server over the communication network (202). After the transaction server confirms the validity of the transaction identification number, in response to a request from the transaction server, a transaction authorization number is transmitted over the communication network to the transaction server to complete the transaction.